ISSN: 1992-8645
www.jatit.org
E-ISSN: 1817-3195
1NORAINI CHE PA, 2BOKOLO ANTHONY JNR, 3ROZI NOR HAIZAN NOR AND 4MASRAH AZRIFAH AZMI MURAD
1,2,3,4 Faculty of Computer Science and Information Technology, University Putra Malaysia, 43400 UPM, Serdang, Selangor, Malaysia.
E-mail: 1norainip@upm.edu.my, 2result4real@yahoo.com, 3rozinor@upm.upm.edu.my, 4masrah@upm.edu.my
ABSTRACT
Risk assessment (RA) is one of the main activities in the risk management of IT governance. IT governance is the process of evaluating and directing the plans for the use of ICT in support of the organization, and of monitoring the achievement of those plans. The risks that may emerge during the implementation of IT governance must be properly assessed to ensure its success. In general, risk assessment in IT governance focuses on the essential process that aids all relevant parties involved in IT implementation, from both the technical and the service aspects. Many studies related to IT risk assessment and to the risk assessment of IT governance have been reviewed using a systematic method called Systematic Literature Review (SLR), which allows all previous studies on this topic to be analyzed systematically. Using that framework, this paper presents the results of the systematic review of the concept, process, framework, model and challenges of risk assessment of IT governance. In general, the findings of this review indicate that RA requires a more holistic consideration of numerous limitations and issues.
Keywords: Risk Assessment, IT Governance, Systematic Literature Review.
1. INTRODUCTION
2. METHOD OF STUDY
[Figure: phases of the review. Panels recovered: Conducting the Review; Reporting the Review.]
Table 2: Electronic databases included in this SLR
Electronic databases:
- IEEE Xplore
- ACM Digital Library
- ScienceDirect
- SpringerLink
- Wiley InterScience
- Google Scholar

review or evaluation of existing practices for risk assessment.
3. SLR FINDINGS
[Figure: Research methods in our accepted papers. Categories: Questionnaire/Survey; Multiple data collection without questionnaire; Multiple data collection with questionnaire; Others. Shares shown: 70%, 15%, 8%, 7%.]
[Figure: Empirical papers 85%, Theoretical 12%, Others 3%.]
[Table (paper references and frequencies not recovered from the page)]
Categories | Paper references | Frequency (studies)
Risk assessment and IT governance | (not recovered) | (not recovered)
The interaction between risk assessment and IT governance | (not recovered) | (not recovered)
An assessment of risk in IT governance | (not recovered) | (not recovered)
3.2
[Table (paper references and frequencies not recovered from the page)]
Framework/model | Paper references | Frequency (studies)
COBIT framework | (not recovered) | (not recovered)
ISO 27002 (ISO 17799) | (not recovered) | (not recovered)
ITIL models | (not recovered) | (not recovered)
CONCLUSION AND FURTHER RESEARCH
[31] G. R. Saint, "Information Security Management Best Practice Based on ISO/IEC 17799", Information Management Journal, Vol. 39, No. 4, July 2005, pp. 60-66.
[32] K. Bilge and I. Sogukpinar, "A quantitative method for ISO 17799 gap analysis", Computers & Security, Vol. 25, No. 6, 2006, pp. 413-419.
[33] D. Mellado and D. G. Rosado, "An Overview of Current Information Systems Security Challenges and Innovations", Journal of Universal Computer Science, February 21-23, 2007, pp. 234-241.
[34] J. Eloff and M. Eloff, "Information Security Management - A New Paradigm", Proceedings of SAICSIT, February 21-23, 2003, pp. 130-136.
[35] S. Groves, "The Unlikely Heroes of Cyber Security", Information Management Journal, Vol. 37, No. 3, May 2003, pp. 34-40.
[36] M. Theoharidou, S. Kokolakis, M. Karyda and E. Kiountouzis, "The insider threat to information systems and the effectiveness of ISO17799", Computers & Security, Vol. 24, No. 6, May 2005, pp. 472-484.
[37] N. Robinson, "IT excellence starts with governance", The Journal of Investment Compliance, Vol. 6, No. 3, April 2005, pp. 45-49.
[38] F. Say-wei and A. Muruganantham, "Software Risk Assessment Model", National University of Singapore, IEEE International Conference on Management of Innovation and Technology, May 21-23, 2005, pp. 536-544.
[39] B. Singh, D. S. Kapil and S. Chandra, "A New Model for Software Risk Management", Inc. Computer Technology & Applications, Vol. 3, No. 3, 2012, pp. 953-956.
[40] A. Abraham and S. Y. Han, "Programming Risk Assessment Models for Online Security Evaluation Systems", International Journal of Computer Trends and Technology (IJCTT), Vol. 9, No. 6, 2009, pp. 279-285.
[41] S. Patel and J. Zaveri, "A Risk-Assessment Model for Cyber Attacks on Information Systems", Department of Information Science & Systems, Morgan State University, Baltimore, Journal of Computers, Vol. 5, No. 3, 2010, pp. 352-359.
[42] M. Choetkiertikul and T. Sunetnanta, "A Risk Assessment Model for Offshoring Using
[Table (partially recovered from the page; cells the extraction did not preserve are marked as not recovered)]
Researchers | Components/Technique | Limitation
[5] | Value Modeling, Process Analysis, Uncertainty Estimation & Multi-Criteria Decision Making | The framework is still a general conceptual roadmap, serving as a guideline for future research. Much work has to be done to make it practically applicable to real-world business.
[38] | (not recovered) | (not recovered)
[39] | (not recovered) | (not recovered)
[40] | (not recovered) | (not recovered)
[41] | Risk-assessment model to assess the impact of cyber attacks | (not recovered)
[42] | A Quantitative Risk Assessment Model | (not recovered)
[43] | A knowledge-based risk assessment framework | (not recovered)
[44] | (not recovered) | (not recovered)
[45] | A Fuzzy ExCOM risk assessment model | (not recovered)
[46] | Architecture-oriented information security risk assessment model (AOISRAM) | (not recovered)